{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 时光不老,我们不散 的问题《Kentor HTTPModule- ADFS Login SAMLResponse ERROR》','https://www.manongdao.com/q-742379.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
In our ASP.Net project, I am using Kentor.AuthServices.HTTPModule and have configured ADFS.
Have given the SAML Assertion Consumer Binding as "redirect" and Trusted-URL as "ourSiteUrl".
After ADFS login is successful, it will redirect to ourSiteURL/AuthServices/Acs?SAMLResponse=... and it throws an Exception
Kentor.AuthServices.Exceptions.InvalidSignatureException: Cannot verify signature of message from unknown sender win-3obaenpbsol.dc10.inapp.com/adfs/services/trust.
What could be the reason for this issue?
The reason is that AuthServices does not recognize the Idp with entity id
win-3obaenpbsol.dc10.inapp.com/adfs/services/trust.I also see that you are using the Redirect binding when sending the response to AuthServices, which is not supported. That is a setting you need to change on the ADFS side.
To make configuration easier, please use metadata. AuthServices supports importing ADFS metadata and AuthServices generates metadata that ADFS can consume at
ourSiteURL/AuthServices/.